For businesses of any size, fraud and scams are a constant threat. According to the 2025 Association of Financial Professionals Payments Fraud and Control Survey, 79% of organizations were targeted by payment fraud in 2024. This highlights the importance of staying vigilant and informed about the latest fraud trends.

Businesses are commonly targeted by three different types of scams: business email compromise (BEC), check fraud, and phishing, each of which can lead to significant financial losses and potential reputational damage. Learn more about these types of fraud below.

Business Email Compromise (BEC)

With business email compromise (BEC), fraudsters impersonate legitimate businesses or individuals, often through email. They attempt to trick recipients into transferring funds, revealing sensitive information, or granting unauthorized access to internal systems. This type of scam typically targets financial and accounting staff.

Fraudsters will use spoofing, email/domain impersonation, or account takeover to mimic vendors or suppliers. A fake BEC email will often include a sense of urgency and authority, and the fraudster will attempt to leverage the business’s trust in the impersonated entity. Common methods used in a BEC include fake invoice requests, wire transfer requests, and requests for sensitive information like account updates.

To prevent BEC, always verify email requests that include changes to account information with a verbal phone call to the trusted contact. Businesses do not usually change account numbers out of the blue, so it’s important to verify that it’s a legitimate request. Take extra caution if the request is invoking urgency or if it’s out of the norm from the typical communication you receive from the vendor.

Check Fraud

Check fraud, another common threat to businesses, involves the fraudulent use of business checks to steal money or goods. Fraudsters will attempt to steal checks from businesses or individuals, typically before the checks are signed. Check fraud can occur through various forms, including the use of counterfeit checks, stealing or altering legitimate checks, or forging signatures.

To prevent check fraud, businesses should: 

• Always secure your check stock when not in use.
• Avoid leaving check books in vehicles, and instead store them in a locked and secured place.
• Use more secure forms of payments, such as digital payments, whenever possible.
• Be sure to monitor accounts regularly and report fraud as soon as it’s discovered.
• Utilize Bell’s Positive Pay tool, a valuable resource to help prevent fraud by verifying checks and flagging suspicious activity.

Phishing

Phishing is a type of cybercrime where fraudsters trick businesses or individuals into revealing sensitive information, such as online banking passwords or account or credit card details. The fraudster may pretend to be with a legitimate company, such as your bank, credit card company, or vendor, and initiate contact through emails, texts, or phone calls. The goal of phishing is to trick the recipient into clicking on a link or opening an attachment in order to steal sensitive information, install malware, and/or gain unauthorized access to systems.

Typical phishing messages: 

• May ask for your online banking credentials or secure access code (SAC).
• Often claim there is a problem with your account or payment information.
• Claim they’re trying to confirm your personal or financial information.

It’s important to remember that banks, credit card companies and vendors will never reach out asking for your information. You should never click on links or attachments from sources you don’t know.

Setting up software to automatically update on your computers and cellphones can help safeguard against phishing attacks. Additionally, use multi-factor authentication (MFA) whenever possible, which can make it harder for a fraudster to gain access to an account if your username or password is compromised.

What To Do if You Clicked on a Suspicious Link or Suspect Fraud

If you think you’ve been the victim of fraud, you should: 

• File a report with the Federal Trade Commission at https://reportfraud.ftc.gov/undefined.
• Contact your local banker to freeze your account.
• Work with your IT department to scrub the affected computer or mobile device if you clicked on a malicious link.

Read Our Prevention Checklist

By staying informed and taking a proactive approach, you can protect yourself and your business from fraud and scams. Read our fraud prevention checklist for more tips and resources.

Business Banking Fraud Prevention Checklist